
clang-tidy crashes with bugprone-suspicious-realloc-usage check #59518

Closed
i-ky opened this issue Dec 14, 2022 · 4 comments
Assignees
Labels
clang-tidy crash Prefer [crash-on-valid] or [crash-on-invalid]

Comments

i-ky commented Dec 14, 2022

$ clang-tidy -checks bugprone-suspicious-realloc-usage crash.cpp
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: clang-tidy -checks bugprone-suspicious-realloc-usage crash.cpp
1.	<eof> parser at end of file
2.	ASTMatcher: Processing 'bugprone-suspicious-realloc-usage' against:
	BinaryOperator : </tmp/crash.cpp:13:12, col:53>
--- Bound Nodes Begin ---
    call - { CallExpr : </tmp/crash.cpp:13:37, col:52> }
    parent_function - { CXXMethodDecl Bar::test : </tmp/crash.cpp:8:3, line:14:3> }
    ptr_input - { DeclRefExpr : </tmp/crash.cpp:13:45> }
    ptr_result - { DeclRefExpr : </tmp/crash.cpp:13:12> }
    realloc - { FunctionDecl realloc : </tmp/crash.cpp:1:1, col:31> }
--- Bound Nodes End ---
 #0 0x000056104c67da35 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #1 0x000056104c67b204 SignalHandler(int) Signals.cpp:0:0
 #2 0x00007fc16c1f9520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #3 0x0000561048f0adcf clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::FindAssignToVarBefore, bool>::Visit(clang::Stmt const*) SuspiciousReallocUsageCheck.cpp:0:0
 #4 0x0000561048f0aff3 (anonymous namespace)::FindAssignToVarBefore::VisitStmt(clang::Stmt const*) SuspiciousReallocUsageCheck.cpp:0:0
 #5 0x0000561048f0aff3 (anonymous namespace)::FindAssignToVarBefore::VisitStmt(clang::Stmt const*) SuspiciousReallocUsageCheck.cpp:0:0
 #6 0x0000561048f0c1f1 clang::tidy::bugprone::SuspiciousReallocUsageCheck::check(clang::ast_matchers::MatchFinder::MatchResult const&) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x11231f1)
 #7 0x000056104b4a02d6 clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::MatchVisitor::visitMatch(clang::ast_matchers::BoundNodes const&) ASTMatchFinder.cpp:0:0
 #8 0x000056104b4cc56f clang::ast_matchers::internal::BoundNodesTreeBuilder::visitMatches(clang::ast_matchers::internal::BoundNodesTreeBuilder::Visitor*) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x36e356f)
 #9 0x000056104b4a10e0 clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::matchWithFilter(clang::DynTypedNode const&) ASTMatchFinder.cpp:0:0
#10 0x000056104b4c5c70 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseObjCAutoreleasePoolStmt(clang::ObjCAutoreleasePoolStmt*, llvm::SmallVectorImpl<llvm::PointerIntPair<clang::Stmt*, 1u, bool, llvm::PointerLikeTypeTraits<clang::Stmt*>, llvm::PointerIntPairInfo<clang::Stmt*, 1u, llvm::PointerLikeTypeTraits<clang::Stmt*> > > >*) ASTMatchFinder.cpp:0:0
#11 0x000056104b4bcb12 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseStmt(clang::Stmt*, llvm::SmallVectorImpl<llvm::PointerIntPair<clang::Stmt*, 1u, bool, llvm::PointerLikeTypeTraits<clang::Stmt*>, llvm::PointerIntPairInfo<clang::Stmt*, 1u, llvm::PointerLikeTypeTraits<clang::Stmt*> > > >*) ASTMatchFinder.cpp:0:0
#12 0x000056104b4bcc8b clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::TraverseStmt(clang::Stmt*, llvm::SmallVectorImpl<llvm::PointerIntPair<clang::Stmt*, 1u, bool, llvm::PointerLikeTypeTraits<clang::Stmt*>, llvm::PointerIntPairInfo<clang::Stmt*, 1u, llvm::PointerLikeTypeTraits<clang::Stmt*> > > >*) (.constprop.0) ASTMatchFinder.cpp:0:0
#13 0x000056104b4c6f9f clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseFunctionHelper(clang::FunctionDecl*) ASTMatchFinder.cpp:0:0
#14 0x000056104b4c71e3 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseCXXDeductionGuideDecl(clang::CXXDeductionGuideDecl*) ASTMatchFinder.cpp:0:0
#15 0x000056104b4b7eef clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::TraverseDecl(clang::Decl*) ASTMatchFinder.cpp:0:0
#16 0x000056104b4b7ff9 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseDeclContextHelper(clang::DeclContext*) (.part.0) ASTMatchFinder.cpp:0:0
#17 0x000056104b4b7400 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseDecl(clang::Decl*) ASTMatchFinder.cpp:0:0
#18 0x000056104b4b7eef clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::TraverseDecl(clang::Decl*) ASTMatchFinder.cpp:0:0
#19 0x000056104b4b7ff9 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseDeclContextHelper(clang::DeclContext*) (.part.0) ASTMatchFinder.cpp:0:0
#20 0x000056104b4c4568 clang::RecursiveASTVisitor<clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor>::TraverseTranslationUnitDecl(clang::TranslationUnitDecl*) ASTMatchFinder.cpp:0:0
#21 0x000056104b4b7eef clang::ast_matchers::internal::(anonymous namespace)::MatchASTVisitor::TraverseDecl(clang::Decl*) ASTMatchFinder.cpp:0:0
#22 0x000056104b4b8235 clang::ast_matchers::MatchFinder::matchAST(clang::ASTContext&) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x36cf235)
#23 0x000056104a4eef50 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x2705f50)
#24 0x000056104a720131 clang::ParseAST(clang::Sema&, bool, bool) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x2937131)
#25 0x000056104a4b5779 clang::FrontendAction::Execute() (/home/i-ky/llvm-project/build/bin/clang-tidy+0x26cc779)
#26 0x000056104a435991 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x264c991)
#27 0x0000561049d84074 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x1f9b074)
#28 0x0000561049d23968 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) ClangTidy.cpp:0:0
#29 0x0000561049d7d0c5 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x1f940c5)
#30 0x0000561049d80438 clang::tooling::ToolInvocation::run() (/home/i-ky/llvm-project/build/bin/clang-tidy+0x1f97438)
#31 0x0000561049d82590 clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x1f99590)
#32 0x0000561049d2beba clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/home/i-ky/llvm-project/build/bin/clang-tidy+0x1f42eba)
#33 0x0000561048d63d1f clang::tidy::clangTidyMain(int, char const**) (/home/i-ky/llvm-project/build/bin/clang-tidy+0xf7ad1f)
#34 0x00007fc16c1e0d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#35 0x00007fc16c1e0e40 call_init ./csu/../csu/libc-start.c:128:20
#36 0x00007fc16c1e0e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#37 0x0000561048d5b085 _start (/home/i-ky/llvm-project/build/bin/clang-tidy+0xf72085)
Segmentation fault (core dumped)

Contents of crash.cpp:

void *realloc(void *, unsigned);

struct Foo {};

struct Bar {
  Foo *foo;
  void *arr[4]{};
  Foo *test() {
    Foo *ret = foo;
    for (auto &&i: arr) {
      if (!i) continue;
    }
    return ret = static_cast<Foo *>(realloc(ret, 42));
  }
};

clang-tidy built from LLVM sources d4b6fcb (with a minor patch that should not affect clang-tidy):

$ clang-tidy --version
LLVM (http://llvm.org/):
  LLVM version 16.0.0git
  Optimized build.
  Default target: x86_64-unknown-linux-gnu
  Host CPU: znver3
@EugeneZelenko EugeneZelenko added clang-tidy crash Prefer [crash-on-valid] or [crash-on-invalid] and removed new issue labels Dec 14, 2022

llvmbot commented Dec 14, 2022

@llvm/issue-subscribers-clang-tidy

@EugeneZelenko (Contributor):

@balazske: Please take a look.

@balazske balazske self-assigned this Dec 16, 2022
@balazske (Collaborator):

https://reviews.llvm.org/D140194 should fix this crash.

balazske added a commit that referenced this issue Dec 21, 2022
The problem occurs if a statement is found by the checker that has a null child.
Fixes issue #59518.

Reviewed By: hokein

Differential Revision: https://reviews.llvm.org/D140194
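The commit message says the crash happens when the checker finds a statement with a null child. As an added illustration (not code from llvm-project or from the D140194 change), the following toy models the one property of clang's AST that matters here: a node's child slots can be empty (an `if` with no `else`, a range-based `for` with no init statement), so a tree walk that dereferences every slot dies on exactly the kind of input the reporter posted, while a walk that treats a null slot as "no statement here" does not. The tree shape, node kinds and function names are constructed for this example; the assumption that the checker's visitor recursed into every child slot without a null check is taken from the commit message, not from reading the fix.

```cpp
// Added illustration, not code from llvm-project. A toy statement tree
// that models one property of clang's AST relevant to this crash: a
// node's child slots can be null (an `if` with no `else`, a range-based
// `for` with no init statement). Two tree walks search it for an
// assignment to a variable: the first dereferences every slot and is
// only safe on fully populated trees; the second skips null slots.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Stmt {
    enum Kind { Assign, Call, If, For, Compound, Other };
    Kind kind;
    std::string target;                 // variable assigned, for Assign nodes
    std::vector<const Stmt *> children; // child slots; nullptr = absent child
};

// Owns the nodes so that pointers stored in child slots stay valid.
struct Tree {
    std::vector<std::unique_ptr<Stmt>> arena;
    const Stmt *root = nullptr;

    const Stmt *make(Stmt::Kind K, std::string Target = "",
                     std::vector<const Stmt *> Ch = {}) {
        arena.push_back(std::unique_ptr<Stmt>(
            new Stmt{K, std::move(Target), std::move(Ch)}));
        return arena.back().get();
    }
};

// Constructed tree with the shape of the reporter's test(): an assignment
// to `ret`, then a range-for whose body is an `if` without `else`.
Tree buildReproducerShape() {
    Tree T;
    const Stmt *AssignRet = T.make(Stmt::Assign, "ret");
    const Stmt *Cond = T.make(Stmt::Other);
    const Stmt *Continue = T.make(Stmt::Other);
    const Stmt *IfStmt = T.make(Stmt::If, "", {Cond, Continue, nullptr}); // no else
    const Stmt *Range = T.make(Stmt::Other);
    const Stmt *Body = T.make(Stmt::Compound, "", {IfStmt});
    const Stmt *ForStmt = T.make(Stmt::For, "", {nullptr, Range, Body});   // no init
    T.root = T.make(Stmt::Compound, "", {AssignRet, ForStmt});
    return T;
}

// Count the absent child slots reachable from S.
std::size_t countNullSlots(const Stmt *S) {
    std::size_t N = 0;
    for (const Stmt *Child : S->children) {
        if (!Child) { ++N; continue; }
        N += countNullSlots(Child);
    }
    return N;
}

// Crash-prone walk: assumes every child slot is populated. On a tree with
// a null slot this dereferences nullptr, the failure mode behind the
// report. Only call it on trees where countNullSlots() == 0.
bool findAssignUnsafe(const Stmt *S, const std::string &Var) {
    if (S->kind == Stmt::Assign && S->target == Var)
        return true;
    for (const Stmt *Child : S->children)
        if (findAssignUnsafe(Child, Var))
            return true;
    return false;
}

// Hardened walk: a null slot is simply "no statement here" and is skipped.
bool findAssignSafe(const Stmt *S, const std::string &Var) {
    if (!S)
        return false;
    if (S->kind == Stmt::Assign && S->target == Var)
        return true;
    for (const Stmt *Child : S->children)
        if (Child && findAssignSafe(Child, Var))
            return true;
    return false;
}

// Helpers that build a tree and query it, so results can be checked by name.
std::size_t reproducerNullSlots() {
    Tree T = buildReproducerShape();
    return countNullSlots(T.root);
}

bool reproducerAssignsTo(const std::string &Var) {
    Tree T = buildReproducerShape();
    return findAssignSafe(T.root, Var);
}

// The unsafe walk is fine on a tree with no null slots, which is why such a
// bug can hide until an input like the reporter's exercises an optional child.
bool unsafeWalkOnFullTree() {
    Tree T;
    const Stmt *A = T.make(Stmt::Assign, "ret");
    T.root = T.make(Stmt::Compound, "", {A});
    return findAssignUnsafe(T.root, "ret");
}

int main() {
    std::printf("null child slots in reproducer-shaped tree: %zu\n", reproducerNullSlots());
    std::printf("assignment to ret found (safe walk): %s\n", reproducerAssignsTo("ret") ? "yes" : "no");
    std::printf("unsafe walk on fully populated tree: %s\n", unsafeWalkOnFullTree() ? "ok" : "not found");
    return 0;
}
```

The reproducer-shaped tree has two empty slots (the for-loop's init and the if's else), which is why a null check on each child before recursing is the minimal fix; the same shape of bug is worth looking for in any hand-written visitor over an AST whose node types expose optional sub-statements.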
malavikasamak pushed a commit to apple/llvm-project that referenced this issue Jan 6, 2023
The problem occurs if a statement is found by the checker that has a null child.
Fixes issue llvm#59518.

Reviewed By: hokein

Differential Revision: https://reviews.llvm.org/D140194

(cherry picked from commit 01303f6)
@balazske (Collaborator):

The problem looks to be fixed.

malavikasamak pushed a commit to apple/llvm-project that referenced this issue Jan 17, 2023
The problem occurs if a statement is found by the checker that has a null child.
Fixes issue llvm#59518.

Reviewed By: hokein

Differential Revision: https://reviews.llvm.org/D140194

(cherry picked from commit 01303f6)
malavikasamak pushed a commit to apple/llvm-project that referenced this issue Jan 23, 2023
The problem occurs if a statement is found by the checker that has a null child.
Fixes issue llvm#59518.

Reviewed By: hokein

Differential Revision: https://reviews.llvm.org/D140194

(cherry picked from commit 01303f6)